ALERT: Beware of phishing scams circulating at U-M

This information was sent to the IT Security Community and Frontline Notify groups on June 3, 2015.

Hello IT Security Community and Frontline Notify (FLN),

We need your help in alerting people in your unit that a new round of phishing scam emails are going around U-M. Several people have fallen victim to these scams. These scams are not new, but they are specifically targeting U-M. Thank you for any help you can provide in warning people about these phishing scams.

IRS Scam: Stealing Personal Information Via Google Forms

These email messages claim to be from the IRS and direct the recipient to a Google form to validate information. One such message, for example, had this text: "Internal Revenue Records shows your information could not be processed for validity. Do validate immediately."

The Google Form asks for information such as birthdate, Social Security number, and more. In several instances, the Google form had been set up in M+Google using a compromised U-M account. Please use caution before entering personal information in a Google form. U-M will never ask you to enter information such as your Social Security Number or financial information in a Google form.

Academic Publishing Scam Targeting Faculty

These messages appear to come from actual faculty at other institutions and are addressed to individual U-M faculty. The messages compliment the recipient on their articles and ask the recipient to send copies of other articles for use in research.

Links in the message appear to be U-M, library, or journal webpages. When a recipient clicks one of the links they are taken to a fake U-M Weblogin page to get to a page for the article in question. When they log in to view the article, their uniqname and password are stolen, and may then be re-used for malicious purposes.

Summary Information to Share with Users

Multiple email phishing attacks are circulating at U-M. Take extra care.

• IRS Information Validation Scam. These emails ask people to validate personal information, such as Social Security number, by entering it on a Google Form. The information is being collected by criminals. (IRS scam example at U-M)
• Academic Publishing Scam. These emails ask faculty to share articles by clicking links that require login to get to online copies of the articles. The login page is a fake one that steals the faculty member's uniqname and UMICH password. (Academic publishing scam example at U-M)

What you can do:

• Be cautious of links in unsolicited emails.
• Do not enter personal private information in Google Forms.
• Learn more on the U-M Safe Computing website at Spam, Phishing, and Suspicious Email.
• Refer to Safe Computing for updates.
• If you suspect you got caught by one of these scams, change your UMICH password and contact the ITS Service Center to let them know your account may have been compromised.

This message has been posted on Safe Computing at IIA Alert: Beware of phishing scams circulating at U-M. We ask you to refer people to it directly.

Sincerely, 
Don

Donald J. Welch, Ph.D., 
Chief Information Security Officer, 
University of Michigan